PSIRT Advisories
FortiSOAR - Server-Side Template Injection in Playbook component
Summary
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
Affected Products
FortiSOAR version 7.2.0FortiSOAR version 7.0.0 through 7.0.3
FortiSOAR version 6.4.0 through 6.4.4
Solutions
Please upgrade to FortiSOAR version 7.2.1 or above